6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
5.4 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
CPE | Name | Operator | Version |
---|---|---|---|
simple_machines:simple_machines_forum | simple machines simple machines forum | eq | 1.1_rc3 |
aria-security.com/forum/showthread.php?p=128
osvdb.org/32606
securityreason.com/securityalert/2169
www.securityfocus.com/archive/1/457508/100/0/threaded
www.securityfocus.com/archive/1/457627/100/0/threaded
www.securityfocus.com/archive/1/457761/100/200/threaded
www.securityfocus.com/archive/1/458194/100/100/threaded
www.securityfocus.com/archive/1/458904/100/0/threaded
www.securityfocus.com/bid/22143
exchange.xforce.ibmcloud.com/vulnerabilities/31612